5,491 research outputs found
Representing Network Trust and Using It to Improve Anonymous Communication
Motivated by the effectiveness of correlation attacks against Tor, the
censorship arms race, and observations of malicious relays in Tor, we propose
that Tor users capture their trust in network elements using probability
distributions over the sets of elements observed by network adversaries. We
present a modular system that allows users to efficiently and conveniently
create such distributions and use them to improve their security. The major
components of this system are (i) an ontology of network-element types that
represents the main threats to and vulnerabilities of anonymous communication
over Tor, (ii) a formal language that allows users to naturally express trust
beliefs about network elements, and (iii) a conversion procedure that takes the
ontology, public information about the network, and user beliefs written in the
trust language and produce a Bayesian Belief Network that represents the
probability distribution in a way that is concise and easily sampleable. We
also present preliminary experimental results that show the distribution
produced by our system can improve security when employed by users; further
improvement is seen when the system is employed by both users and services.Comment: 24 pages; talk to be presented at HotPETs 201
A new security architecture for SIP based P2P computer networks
Many applications are transferred from C/S (Client/Server) mode to P2P (Peer-to-Peer) mode such as VoIP (Voice over IP). This paper presents a new security architecture, i.e. a trustworthy authentication algorithm of peers, for Session Initialize Protocol (SIP) based P2P computer networks. A mechanism for node authentication using a cryptographic primitive called one-way accumulator is proposed to secure the P2P SIP computer networks. It leverages the distributed nature of P2P to allow for distributed resource discovery and rendezvous in a SIP network, thus eliminating (or at least reducing) the need for centralized servers. The distributed node authentication algorithm is established for the P2P SIP computer networks. The corresponding protocol has been implemented in our P2P SIP experiment platform successfully. The performance study has verified the proposed distributed node authentication algorithm for SIP based P2P computer networks
PROTECT: Proximity-based Trust-advisor using Encounters for Mobile Societies
Many interactions between network users rely on trust, which is becoming
particularly important given the security breaches in the Internet today. These
problems are further exacerbated by the dynamics in wireless mobile networks.
In this paper we address the issue of trust advisory and establishment in
mobile networks, with application to ad hoc networks, including DTNs. We
utilize encounters in mobile societies in novel ways, noticing that mobility
provides opportunities to build proximity, location and similarity based trust.
Four new trust advisor filters are introduced - including encounter frequency,
duration, behavior vectors and behavior matrices - and evaluated over an
extensive set of real-world traces collected from a major university. Two sets
of statistical analyses are performed; the first examines the underlying
encounter relationships in mobile societies, and the second evaluates DTN
routing in mobile peer-to-peer networks using trust and selfishness models. We
find that for the analyzed trace, trust filters are stable in terms of growth
with time (3 filters have close to 90% overlap of users over a period of 9
weeks) and the results produced by different filters are noticeably different.
In our analysis for trust and selfishness model, our trust filters largely undo
the effect of selfishness on the unreachability in a network. Thus improving
the connectivity in a network with selfish nodes.
We hope that our initial promising results open the door for further research
on proximity-based trust
Dovetail: Stronger Anonymity in Next-Generation Internet Routing
Current low-latency anonymity systems use complex overlay networks to conceal
a user's IP address, introducing significant latency and network efficiency
penalties compared to normal Internet usage. Rather than obfuscating network
identity through higher level protocols, we propose a more direct solution: a
routing protocol that allows communication without exposing network identity,
providing a strong foundation for Internet privacy, while allowing identity to
be defined in those higher level protocols where it adds value.
Given current research initiatives advocating "clean slate" Internet designs,
an opportunity exists to design an internetwork layer routing protocol that
decouples identity from network location and thereby simplifies the anonymity
problem. Recently, Hsiao et al. proposed such a protocol (LAP), but it does not
protect the user against a local eavesdropper or an untrusted ISP, which will
not be acceptable for many users. Thus, we propose Dovetail, a next-generation
Internet routing protocol that provides anonymity against an active attacker
located at any single point within the network, including the user's ISP. A
major design challenge is to provide this protection without including an
application-layer proxy in data transmission. We address this challenge in path
construction by using a matchmaker node (an end host) to overlap two path
segments at a dovetail node (a router). The dovetail then trims away part of
the path so that data transmission bypasses the matchmaker. Additional design
features include the choice of many different paths through the network and the
joining of path segments without requiring a trusted third party. We develop a
systematic mechanism to measure the topological anonymity of our designs, and
we demonstrate the privacy and efficiency of our proposal by simulation, using
a model of the complete Internet at the AS-level
Quality of Information in Mobile Crowdsensing: Survey and Research Challenges
Smartphones have become the most pervasive devices in people's lives, and are
clearly transforming the way we live and perceive technology. Today's
smartphones benefit from almost ubiquitous Internet connectivity and come
equipped with a plethora of inexpensive yet powerful embedded sensors, such as
accelerometer, gyroscope, microphone, and camera. This unique combination has
enabled revolutionary applications based on the mobile crowdsensing paradigm,
such as real-time road traffic monitoring, air and noise pollution, crime
control, and wildlife monitoring, just to name a few. Differently from prior
sensing paradigms, humans are now the primary actors of the sensing process,
since they become fundamental in retrieving reliable and up-to-date information
about the event being monitored. As humans may behave unreliably or
maliciously, assessing and guaranteeing Quality of Information (QoI) becomes
more important than ever. In this paper, we provide a new framework for
defining and enforcing the QoI in mobile crowdsensing, and analyze in depth the
current state-of-the-art on the topic. We also outline novel research
challenges, along with possible directions of future work.Comment: To appear in ACM Transactions on Sensor Networks (TOSN
Modeling Data-Plane Power Consumption of Future Internet Architectures
With current efforts to design Future Internet Architectures (FIAs), the
evaluation and comparison of different proposals is an interesting research
challenge. Previously, metrics such as bandwidth or latency have commonly been
used to compare FIAs to IP networks. We suggest the use of power consumption as
a metric to compare FIAs. While low power consumption is an important goal in
its own right (as lower energy use translates to smaller environmental impact
as well as lower operating costs), power consumption can also serve as a proxy
for other metrics such as bandwidth and processor load.
Lacking power consumption statistics about either commodity FIA routers or
widely deployed FIA testbeds, we propose models for power consumption of FIA
routers. Based on our models, we simulate scenarios for measuring power
consumption of content delivery in different FIAs. Specifically, we address two
questions: 1) which of the proposed FIA candidates achieves the lowest energy
footprint; and 2) which set of design choices yields a power-efficient network
architecture? Although the lack of real-world data makes numerous assumptions
necessary for our analysis, we explore the uncertainty of our calculations
through sensitivity analysis of input parameters
- …